External Purchase Report 401 error

Question

dev_ram OP

Created 1d

Replies 1

Boosts 0

Participants 2

Features being implemented store External Payment Report

Implementation Language and Framework JAVA springboot

a problem https://developer.apple.com/documentation/externalpurchaseserverapi/send-external-purchase-report?changes=latest_major

I send jwt tokens in the header to the apple endpoint If a 401 authentication error occurs all of a sudden while being sent successfully in the beginning, a 401 error has occurred since then

What I checked

Tokens are being re-created and sent every time a report is sent
I'm currently using aws ec2 load balancer and I get 401 error and when I shut down Tomcat and restart it, it works normally and then the above problem occurs again
Even if I send the token that I used to send since 401 happened using postman, 401 error
If my local server issues tokens again with the same content and sends the report to postman, it works fine

Considering the above problems and the confirmed contents, why 401 problems suddenly occur I'd like to know how to solve that part.

private String keyId="******";
private String issuerId="******";
private String bundleId = "ai.******";

Instant now = Instant.now();
Date issuedAt = Date.from(now);
Date expiresAt = Date.from(now.plusSeconds(20 * 60));
public String createToken(){
    try {
        PrivateKey key = getPrivateKey();

        return Jwts.builder()
                .setHeaderParam("alg", "ES256")
                .setHeaderParam("kid", keyId)
                .setHeaderParam("typ", "JWT")
                .setIssuer(issuerId)
                .setIssuedAt(issuedAt)
                .setExpiration(expiresAt)
                .setAudience("appstoreconnect-v1")
                .signWith(key, SignatureAlgorithm.ES256)
                .claim("bid",bundleId)
                .compact();
    }catch (Exception e){
        e.printStackTrace();
        throw new RuntimeException("JWT error", e);
    }
}

private static PrivateKey getPrivateKey() throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
    InputStream privateKey = new ClassPathResource("certs/SubscriptionKey_***********.p8").getInputStream();

    String result = new BufferedReader(new InputStreamReader(privateKey)) .lines().collect(Collectors.joining("\n"));

    String key = result.replace("-----BEGIN PRIVATE KEY-----\n", "")
            .replace("-----END PRIVATE KEY-----", "")
            .replace("\n", ""); 
    byte[] decoded = Base64.getDecoder().decode(key); 
    PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(decoded);
    KeyFactory keyFactory = KeyFactory.getInstance("EC");
    return keyFactory.generatePrivate(keySpec);
}

Boost

Answer 1

App Store Commerce Engineer OP

Apple

22h

If the tokens you're sending work at all, that's a good sign that you're creating them correctly, at least to some degree. Double check all the time-related fields are being set as you expect, like iat and exp, and that they meet the requirements stated in the documentation:

https://developer.apple.com/documentation/appstoreserverapi/generating-json-web-tokens-for-api-requests

Also ensure the tokens that are receiving 401 haven't become malformed in some way. If you need further assistance, I recommend filing a feedback to the External Purchase Server API topic, and include example JWTs, successful request/responses, and unsuccessful request/responses. Share the FB number here.

http://feedbackassistant.apple.com

0